SailPoint's IdentityIQ provides enterprise-level cloud-based or installed identity and access management (IAM) software featuring single sign-on (SSO), password management, provisioning, role management, and identity intelligence for audit purposes.https://dudodiprj2sv7.cloudfront.net/product-logos/PJ/V3/TPO4S5UWEH5K.pngSailPointSailPoint's IdentityIQ IDM Solution2017-12-21T19:34:33.884ZIdentity IQ is being used by the entire Western Union enterprise with 20,000+ users. It is our primary access request system with 750+ applications. It manages the workflow for request approval and in many cases provided the automatic provisioning and de-provisioning of accounts upon approval. We also use the system to manage our quarterly access review and re-certification process.,The access request work flow and back end process is exceptional. It effectively manages all of the various pieces of a request and presents the completed request to the provisioning agent as a single record. This is very helpful to the efficiency of the process since the provisioning agent only sees the completed request rather than seeing each component as it is approved. Other systems deliver the various request components to provisioning as they are approved but cannot be provisioned without all the components. Thus creating complexity for the provisioning agent and impacting the SLAs with what looks like a delay with the provisioning process.
The system is robust enough to effectively handle the scale that we need. With 750+ applications, 24,304 individual entitlements to select from, and an average of 10,200 request transactions per month. We have never had any performance issues.
The system flexible enough to accommodate our complex business needs without needing to customize the base system. We have been able to add significant functionality to the system in order to support the business needs by extending the code rather than altering the base code. This has enabled a simple upgrade of the system without having to re-apply code enhancements.,The user interface is not very intuitive. It is hard for the occasional user to navigate through the request process. There are no instructions on the screen to help the user to know what to do. It is left up to the user to figure out what to click on and how to navigate through the process.,10,IdentityIQ has enabled us to effectively manage our access request, provisioning and verification process to all compliance standards including the new GDPR and New York requirements.
IdentityIQ is 1/3 of the cost of our previous system and provides for a more robust solution for our Access Management operations.,Saviynt and ForgeRock OpenIDM,Okta, Lieberman Enterprise Random Password Manager, Microsoft Office 365Mark Routh MCPM, PMP, CSMReal perspective from a real user2017-12-19T17:55:10.653ZI implement SailPoint IdentityIQ for enterprises who are looking to manage their overall risk posture, typically across the most sensitive parts of their organizations; The main business problems the solution address is around proactive access management. In an organization where you have hundreds (or some cases) thousands of users constantly joining, leaving or moving within the company to take on complex projects, IT has the burden to assure that users have the application access required to do their jobs. Imagine orgs that have multiple roles, job functions, geographies, and regulations; accurately granting access and limiting access can be a major undertaking and IIQ helps to manage the complexity of that entire process, which is what is referred to as identity lifecyle management.,Providing accurate visibility enterprise-wide to who has access to what applications and data, across the entire organization.
Seamless automatic provisioning of access based on matrix defined job roles and job functions , simplifying the provisioning process.
An elegant interface to manage certifications and to limit access as customers change their job functions or projects (typically within 12-24 months).,Technical adoption requires a high level of training and experience by the implementing teams.
SailPoint and partners offers very good training courses which I think are very good. An area of improvement can be in providing cloud VMs that users can work with to learn the IIQ tool more effectively at their own pace.,10,For projects Ive been involved in the ROI has been very good. Customers can measure, they can improve their risk posture and their risk appetite, making better decisions.
No negative impact, it only helps businesses improve. Adopting the solution sometimes comes with negative feedback from some; the solution does call for many (good) changes and it tends to push the envelope a bit which might be perceived as a negative. Customers should stay the course and take it step by step.,Okta, Oracle Identity Manager and Tivoli Identity Manager,Microsoft Visual Studio Team System, Eclipse, MySQL, Microsoft SQL Server, Oracle Database as a ServiceOmon EdekiIdentityIQ - not perfect, but better than Oracle2017-12-19T01:30:31.455ZWe use it for: access provisioning, self service password reset, and database password synchronization.,Very customizable interface
Ability to connect to many enterprise databases and systems like AD
One integrated product built from the ground up with the entire identity lifecycle in mind.,Beanshell is used to program it - this is an old variant of Java pre-generics. This language essentially died in 2005 and there is no reason a product like this should be using it.
There is no built-in way to version control the scripts that are used. We had to develop our own system to properly follow the SDLC.,6,We were able to save a lot of money by using IdentityIQ instead of paying for more multiple Oracle Identity products in the same space.
We were also able to use IdentityIQ to retire our Control-SA product which was end-of-life'd by the vendor.
The self-service capabilities of the product saved a lot of calls to the helpdesk.,Oracle Identity and Access Management Suite and Oracle Identity Manager,Eclipse, .NET, Oracle DatabaseVerified UserReview of IdentityIQ2017-04-12T19:31:12.928ZIdentityIQ is used both as an IAM tool to manage user logins across various devices and software. This includes Windows accounts, our timesheet software, email accounts, and a few other software tools used by our engineers. Additionally, IdentityIQ also is used for very specific workflows that require the contribution of several employees. For example, we have a team that is spread out over three different client sites in different time zones. They use the workflow to ensure that all of their steps are taken care of in an organized manner.,It's great for specific workflows that bottleneck around a certain individual. IIQ identifies the bottleneck and "shames" that employee to pick it up. With an IIQ developer, you can make almost any workflow that you need.
It's great for people who forget their Windows password a lot, especially if you have a password policy that requires constant changes. IIQ allows the user to select "forgot password?" on the Windows login.
It's great for administrators because now they can admin a user's accounts all in one spot instead of keeping records across several pieces of software.,Making it easier to create workflows would be helpful. Especially if an admin could do this work. Developers cost more...,9,It requires less administrative labor to track all the account information.
It's safer.,Microsoft Azure,ForgeRock OpenIDMDavid RiddelMy IdentityIQ Experience as an Engineer2017-04-04T21:42:02.296ZWe do not use IdentityIQ in our company. We as a contractor implement IdentityIQ.,Access certifications are one of the best features in IdentityIQ. You will be able to approve and extend employee's access to different applications periodically and it reduce the risk of unnecessary long time accesses to the applications.
I personally like the role-base access control feature in IdentityIQ. It helps you to find out the existing roles in the systems and assign access to those roles. That makes it easy to implement the software in large organizations.
Although the risk factor are chalenging to define in first place but they'll be very usefull to give the management team a good view of high risk previleged employees.,I would like IdentityIQ to have a directory service built in and not [be] dependent to other directories.
Having Single Sign on would be a great improvement.
Although they are adding more and more connectors to IdentityIQ, they are applications that they don't have a connector and the implementor has to develop a connector for that.,9,Over time, IdentityIQ would save a lof of money and time by eliminating unnecessary paperwork in organizations.
By controlling access to applications, IdentityIQ reduces the risk of security breaches and hacks.
Self-service password reset and provisioning make this solution unique and would increase the efficiency and productivity of employees.,Foregrock and Azure,ForgeRock OpenIDM, Microsoft Azure, Microsoft AccessVerified User

Identity IQ is being used by the entire Western Union enterprise with 20,000+ users. It is our primary access request system with 750+ applications. It manages the workflow for request approval and in many cases provided the automatic provisioning and de-provisioning of accounts upon approval. We also use the system to manage our quarterly access review and re-certification process.

The access request work flow and back end process is exceptional. It effectively manages all of the various pieces of a request and presents the completed request to the provisioning agent as a single record. This is very helpful to the efficiency of the process since the provisioning agent only sees the completed request rather than seeing each component as it is approved. Other systems deliver the various request components to provisioning as they are approved but cannot be provisioned without all the components. Thus creating complexity for the provisioning agent and impacting the SLAs with what looks like a delay with the provisioning process.

The system is robust enough to effectively handle the scale that we need. With 750+ applications, 24,304 individual entitlements to select from, and an average of 10,200 request transactions per month. We have never had any performance issues.

The system flexible enough to accommodate our complex business needs without needing to customize the base system. We have been able to add significant functionality to the system in order to support the business needs by extending the code rather than altering the base code. This has enabled a simple upgrade of the system without having to re-apply code enhancements.

The user interface is not very intuitive. It is hard for the occasional user to navigate through the request process. There are no instructions on the screen to help the user to know what to do. It is left up to the user to figure out what to click on and how to navigate through the process.

It is most appropriate for organizations that categorize the request in a "role" configuration but is quite appropriate for "entitlement" based configurations as well. Its flexible configuration is very effective for accommodating any business needs in an efficient manner.

I implement SailPoint IdentityIQ for enterprises who are looking to manage their overall risk posture, typically across the most sensitive parts of their organizations; The main business problems the solution address is around proactive access management. In an organization where you have hundreds (or some cases) thousands of users constantly joining, leaving or moving within the company to take on complex projects, IT has the burden to assure that users have the application access required to do their jobs. Imagine orgs that have multiple roles, job functions, geographies, and regulations; accurately granting access and limiting access can be a major undertaking and IIQ helps to manage the complexity of that entire process, which is what is referred to as identity lifecyle management.

Technical adoption requires a high level of training and experience by the implementing teams.

SailPoint and partners offers very good training courses which I think are very good. An area of improvement can be in providing cloud VMs that users can work with to learn the IIQ tool more effectively at their own pace.

If you are holding customer information, then you need IIQ or some kind of identity management system. While smaller companies can live without it, as you grow and add new applications, regions and offerings to your customers, it is critical to manage access to customer and operational data. Business data today is very much similar to capital, and you want to properly manage who access to your capital resources demonstrating prudence and vigilance to customers.

It definitely is better than the Oracle suite of products in that there is one unified product which handles what you'd need multiple Oracle products for. That said, it is not very exciting or cutting-edge to work with.

IdentityIQ is used both as an IAM tool to manage user logins across various devices and software. This includes Windows accounts, our timesheet software, email accounts, and a few other software tools used by our engineers. Additionally, IdentityIQ also is used for very specific workflows that require the contribution of several employees. For example, we have a team that is spread out over three different client sites in different time zones. They use the workflow to ensure that all of their steps are taken care of in an organized manner.

It's great for specific workflows that bottleneck around a certain individual. IIQ identifies the bottleneck and "shames" that employee to pick it up. With an IIQ developer, you can make almost any workflow that you need.

It's great for people who forget their Windows password a lot, especially if you have a password policy that requires constant changes. IIQ allows the user to select "forgot password?" on the Windows login.

It's great for administrators because now they can admin a user's accounts all in one spot instead of keeping records across several pieces of software.

Access certifications are one of the best features in IdentityIQ. You will be able to approve and extend employee's access to different applications periodically and it reduce the risk of unnecessary long time accesses to the applications.

I personally like the role-base access control feature in IdentityIQ. It helps you to find out the existing roles in the systems and assign access to those roles. That makes it easy to implement the software in large organizations.

Although the risk factor are chalenging to define in first place but they'll be very usefull to give the management team a good view of high risk previleged employees.

IdentityIQ is the best choice for very large organizations with complicated processes and paperwork. The ability of custom workflows in IdentityIQ would help organizations to boost the speed and accuracy of their business processes. Automation is another factor that makes IdentityIQ best choice for large firms. This feature would provide end to end automated provisioning and de-provisioning in several applications.

Our company did not have an IAM solution, and was relying on pen/paper to conduct certifications. After conducting POCs with 6 vendors, SailPoint clearly stood out. The ease of implementation (along with IdN) and the intuitive nature of the product make it a winner. And support from SailPoint is fantastic. Simply a great product.